[Poppler-bugs] [Bug 7798] Crash in StreamPredictor::getChar

bugzilla-daemon at annarchy.freedesktop.org bugzilla-daemon at annarchy.freedesktop.org
Tue Aug 15 11:57:36 PDT 2006 

Please do not reply to this email: if you want to comment on the bug, go to    
       
the URL shown below and enter yourcomments there.     
   
https://bugs.freedesktop.org/show_bug.cgi?id=7798          
     




------- Additional Comments From slomo at ubuntu.com  2006-08-15 11:57 -------
Ok, with this pdf I got three different crashes when scrolling through the
pdf... backtraces with debug symbols everywhere. The first two are probably the
same.

===== first one =======

Starting program: /usr/bin/evince
SSTIC06-rump-Filiol-Risque_viral_sous_OpenOffice.pdf
[Thread debugging using libthread_db enabled]
[New Thread -1229805904 (LWP 7534)]
[New Thread -1231332448 (LWP 7538)]
*** stack smashing detected ***: /usr/bin/evince terminated

Program received signal SIGABRT, Aborted.
[Switching to Thread -1231332448 (LWP 7538)]
0xffffe410 in __kernel_vsyscall ()

(gdb) thread apply all bt

Thread 2 (Thread -1231332448 (LWP 7538)):
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb7053861 in *__GI_raise () from /lib/tls/i686/cmov/libc.so.6
#2  0xb7055009 in *__GI_abort () from /lib/tls/i686/cmov/libc.so.6
#3  0xb70895bb in __libc_message () from /lib/tls/i686/cmov/libc.so.6
#4  0xb710e871 in __stack_chk_fail () from /lib/tls/i686/cmov/libc.so.6
#5  0xb6e10184 in __stack_chk_fail_local () at stack_chk_fail_local.c:29
#6  0xb6dc623d in StreamPredictor::getNextLine (this=0x8453048)
    at Stream.cc:589
#7  0x00000000 in ?? ()

Thread 1 (Thread -1229805904 (LWP 7534)):
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb70eec53 in *__GI___poll () from /lib/tls/i686/cmov/libc.so.6
#2  0xb74525a2 in XProcessInternalConnection () from /usr/lib/libX11.so.6
#3  0xb745296f in _XRead () from /usr/lib/libX11.so.6
#4  0xb74532f5 in _XReply () from /usr/lib/libX11.so.6
#5  0xb744a85e in XSync () from /usr/lib/libX11.so.6
#6  0xb7649676 in IA__gdk_flush () at gdkevents-x11.c:2501
#7  0xb7626d33 in alloc_scratch_image (image_info=0x1) at gdkimage.c:319
#8  0xb762701f in _gdk_image_get_scratch (screen=0x80ea0e0, width=256, 
    height=64, depth=24, x=0xbfeb7178, y=0xbfeb7174) at gdkimage.c:376
#9  0xb7631f3e in gdk_draw_rgb_image_core (image_info=0x841d030, 
    drawable=0xb4c00ac8, gc=0x82b0038, x=8, y=302, width=1245, height=579, 
    buf=0xb4849008 '�' <repeats 200 times>..., pixstride=3, rowstride=3736, 
    conv=0xb762e8b1 <gdk_rgb_convert_0888>, cmap=0x0, xdith=0, ydith=0)
    at gdkrgb.c:3288
#10 0xb762302a in gdk_drawable_real_draw_pixbuf (drawable=0xb4c00ac8, 
    gc=0x82b0038, pixbuf=0x82ef188, src_x=0, src_y=0, dest_x=8, dest_y=302, 
    width=1245, height=579, dither=GDK_RGB_DITHER_NORMAL, x_dither=0, 
    y_dither=0) at gdkdraw.c:1640
#11 0xb764769c in gdk_x11_draw_pixbuf (drawable=0x82c3860, gc=0x82b0038, 
    pixbuf=0x82ef188, src_x=0, src_y=0, dest_x=8, dest_y=302, width=1245, 
    height=579, dither=GDK_RGB_DITHER_NORMAL, x_dither=0, y_dither=0)
    at gdkdrawable-x11.c:1395
#12 0xb76219b7 in IA__gdk_draw_pixbuf (drawable=0x82c3860, gc=0x82b0038, 
    pixbuf=0x82ef188, src_x=0, src_y=0, dest_x=8, dest_y=302, width=1245, 
    height=579, dither=GDK_RGB_DITHER_NORMAL, x_dither=0, y_dither=0)
    at gdkdraw.c:759
#13 0xb762bb0c in gdk_pixmap_draw_pixbuf (drawable=0xb4c00ac8, gc=0x82b0038, 
    pixbuf=0x82ef188, src_x=0, src_y=0, dest_x=8, dest_y=302, width=1245, 
    height=579, dither=GDK_RGB_DITHER_NORMAL, x_dither=0, y_dither=0)
    at gdkpixmap.c:427
#14 0xb76219b7 in IA__gdk_draw_pixbuf (drawable=0xb4c00ac8, gc=0x82b0038, 
    pixbuf=0x82ef188, src_x=0, src_y=0, dest_x=8, dest_y=302, width=1245, 
    height=579, dither=GDK_RGB_DITHER_NORMAL, x_dither=0, y_dither=0)
    at gdkdraw.c:759
---Type <return> to continue, or q <return> to quit---
#15 0xb7638dbc in gdk_window_draw_pixbuf (drawable=0x831b8c8, gc=0x82b0038, 
    pixbuf=0x82ef188, src_x=0, src_y=0, dest_x=8, dest_y=302, width=1245, 
    height=579, dither=GDK_RGB_DITHER_NORMAL, x_dither=0, y_dither=0)
    at gdkwindow.c:2046
#16 0xb76219b7 in IA__gdk_draw_pixbuf (drawable=0x831b8c8, gc=0x82b0038, 
    pixbuf=0x82ef188, src_x=0, src_y=0, dest_x=8, dest_y=302, width=1245, 
    height=579, dither=GDK_RGB_DITHER_NORMAL, x_dither=0, y_dither=0)
    at gdkdraw.c:759
#17 0x08073a1a in ev_view_expose_event (widget=0x80e81f8, event=0xbfeb7bd4)
    at ev-view.c:2344
#18 0xb77bcbc6 in _gtk_marshal_BOOLEAN__BOXED (closure=0x8100658, 
    return_value=0xbfeb7800, n_param_values=2, param_values=0xbfeb78dc, 
    invocation_hint=0xbfeb77ec, marshal_data=0x8073320) at gtkmarshalers.c:83
#19 0xb73e7f05 in g_type_class_meta_marshal (closure=0x8100658, 
    return_value=0xbfeb7800, n_param_values=2, param_values=0xbfeb78dc, 
    invocation_hint=0xbfeb77ec, marshal_data=0xc8) at gclosure.c:567
#20 0xb73e965f in IA__g_closure_invoke (closure=0x8100658, 
    return_value=0xbfeb7800, n_param_values=2, param_values=0xbfeb78dc, 
    invocation_hint=0xbfeb77ec) at gclosure.c:490
#21 0xb73f8f61 in signal_emit_unlocked_R (node=0x80f9e78, detail=0, 
    instance=0x80e81f8, emission_return=0xbfeb7a9c, 
    instance_and_params=0xbfeb78dc) at gsignal.c:2476
#22 0xb73f9c10 in IA__g_signal_emit_valist (instance=0x80e81f8, signal_id=57, 
    detail=0, var_args=<value optimized out>) at gsignal.c:2207
#23 0xb73fa000 in IA__g_signal_emit (instance=0x80e81f8, signal_id=57, 
    detail=0) at gsignal.c:2241
#24 0xb78bfc90 in gtk_widget_event_internal (widget=0x80e81f8, 
    event=0xbfeb7bd4) at gtkwidget.c:3901
#25 0xb77b7e18 in IA__gtk_main_do_event (event=0xbfeb7bd4) at gtkmain.c:1402
#26 0xb763758b in gdk_window_process_updates_internal (window=0x831b8c8)
    at gdkwindow.c:2324
#27 0xb76377b1 in IA__gdk_window_process_all_updates () at gdkwindow.c:2387
#28 0xb77302af in gtk_container_idle_sizer (data=0x0) at gtkcontainer.c:1113
#29 0xb737356f in g_idle_dispatch (source=0x843e9d8, callback=0xffffffff, 
    user_data=0x0) at gmain.c:3924
#30 0xb73750c8 in IA__g_main_context_dispatch (context=0x80ee638)
    at gmain.c:2043
#31 0xb7377e62 in g_main_context_iterate (context=0x80ee638, block=1, 
    dispatch=1, self=0x80d2df0) at gmain.c:2675
#32 0xb737820c in IA__g_main_loop_run (loop=0x831e2a8) at gmain.c:2879
#33 0xb77b8052 in IA__gtk_main () at gtkmain.c:1023
#34 0x08080f91 in main (argc=2, argv=Cannot access memory at address 0x5
) at main.c:344
#0  0xffffe410 in __kernel_vsyscall ()




======= second one =========

Starting program: /usr/bin/evince
SSTIC06-rump-Filiol-Risque_viral_sous_OpenOffice.pdf
[Thread debugging using libthread_db enabled]
[New Thread -1229715792 (LWP 7557)]
[New Thread -1231242336 (LWP 7561)]
*** stack smashing detected ***: /usr/bin/evince terminated

Program received signal SIGABRT, Aborted.
[Switching to Thread -1231242336 (LWP 7561)]
0xffffe410 in __kernel_vsyscall ()
(gdb) thread apply all bt

Thread 2 (Thread -1231242336 (LWP 7561)):
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb7069861 in *__GI_raise () from /lib/tls/i686/cmov/libc.so.6
#2  0xb706b009 in *__GI_abort () from /lib/tls/i686/cmov/libc.so.6
#3  0xb709f5bb in __libc_message () from /lib/tls/i686/cmov/libc.so.6
#4  0xb7124871 in __stack_chk_fail () from /lib/tls/i686/cmov/libc.so.6
#5  0xb6e26184 in __stack_chk_fail_local () at stack_chk_fail_local.c:29
#6  0xb6ddc23d in StreamPredictor::getNextLine (this=0x8435e88)
    at Stream.cc:589
#7  0x00000000 in ?? ()

Thread 1 (Thread -1229715792 (LWP 7557)):
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb7104c53 in *__GI___poll () from /lib/tls/i686/cmov/libc.so.6
#2  0xb738de95 in g_main_context_iterate (context=0x80ee638, block=1, 
    dispatch=1, self=0x80d2df0) at gmain.c:2977
#3  0xb738e20c in IA__g_main_loop_run (loop=0x82d9cb8) at gmain.c:2879
#4  0xb77ce052 in IA__gtk_main () at gtkmain.c:1023
#5  0x08080f91 in main (argc=2, argv=Cannot access memory at address 0xc
) at main.c:344
#0  0xffffe410 in __kernel_vsyscall ()


===== third one ======

Starting program: /usr/bin/evince
SSTIC06-rump-Filiol-Risque_viral_sous_OpenOffice.pdf
[Thread debugging using libthread_db enabled]
[New Thread -1229838672 (LWP 7587)]
[New Thread -1231365216 (LWP 7592)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1231365216 (LWP 7592)]
0xb6dbe261 in StreamPredictor::getChar (this=0x8195870) at Stream.cc:468
468       return predLine[predIdx++];
Current language:  auto; currently c++
(gdb) thread apply all bt

Thread 2 (Thread -1231365216 (LWP 7592)):
#0  0xb6dbe261 in StreamPredictor::getChar (this=0x8195870) at Stream.cc:468
#1  0xb6d5c796 in FlateStream::getChar (this=0xffffffff) at FlateStream.cc:48
#2  0xb6dbacb1 in ImageStream::getLine (this=0x8407150) at Stream.cc:381
#3  0xb7c9b578 in CairoOutputDev::drawImage (this=0x8308cc8, state=0x8195238, 
    ref=0xb69ad0f4, str=0x8438af8, width=60, height=60, colorMap=0x8392d50, 
    maskColors=0x0, inlineImg=0) at CairoOutputDev.cc:855
#4  0xb6d72238 in Gfx::doImage (this=0x83ee118, ref=0xb69ad0f4, str=0x8438af8, 
    inlineImg=0) at Gfx.cc:3224
#5  0xb6d74d41 in Gfx::opXObject (this=0x83ee118, args=0xb69ad1b0, numArgs=1)
    at Gfx.cc:2903
#6  0xb6d6fcf0 in Gfx::execOp (this=0x83ee118, cmd=0xb69ad210, 
    args=0xb69ad1b0, numArgs=<value optimized out>) at Gfx.cc:713
#7  0xb6d6fe8d in Gfx::go (this=0x83ee118, topLevel=1) at Gfx.cc:581
#8  0xb6d703db in Gfx::display (this=0x83ee118, obj=0xb69ad290, topLevel=1)
    at Gfx.cc:544
#9  0xb6db77e8 in Page::displaySlice (this=0x8307ad0, out=0x8308cc8, 
    hDPI=114.92307758331299, vDPI=114.92307758331299, rotate=0, useMediaBox=0, 
    crop=1, sliceX=0, sliceY=0, sliceW=1245, sliceH=932, links=0x0, 
    catalog=0x82f6aa8, abortCheckCbk=0, abortCheckCbkData=0x0, 
    annotDisplayDecideCbk=0, annotDisplayDecideCbkData=0x0) at Page.cc:375
#10 0xb7c9836f in poppler_page_render_to_pixbuf (page=0x82d1340, src_x=0, 
    src_y=0, src_width=1245, src_height=932, scale=1.5961538553237915, 
    rotation=0, pixbuf=0x82ea8c0) at poppler-page.cc:363
#11 0x0808fb4f in pdf_document_render_pixbuf (document=0x82be740, rc=0x8343140)
    at ev-poppler.cc:430
#12 0x0808d239 in ev_document_render_pixbuf (document=0x82be740, rc=0x8343140)
    at ev-document.c:223
#13 0x08065331 in ev_job_render_run (job=0x8167258) at ev-jobs.c:319
#14 0x08064005 in handle_job (job=0x8167258) at ev-job-queue.c:102
#15 0x08064558 in ev_render_thread (data=0x0) at ev-job-queue.c:187
#16 0xb7389545 in g_thread_create_proxy (data=0x8103260) at gthread.c:553
#17 0xb715d534 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#18 0xb70f0a6e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 1 (Thread -1229838672 (LWP 7587)):
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb70e6c53 in *__GI___poll () from /lib/tls/i686/cmov/libc.so.6
#2  0xb736fe95 in g_main_context_iterate (context=0x80ee638, block=1, 
    dispatch=1, self=0x80d2df0) at gmain.c:2977
#3  0xb737020c in IA__g_main_loop_run (loop=0x831e2a8) at gmain.c:2879
#4  0xb77b0052 in IA__gtk_main () at gtkmain.c:1023
#5  0x08080f91 in main (argc=2, argv=Cannot access memory at address 0xc
) at main.c:344
0xb6dbe261      468       return predLine[predIdx++];
          
     
     
--           
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email         
     
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the Poppler-bugs mailing list